Telnet Tools and Settings

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

 

In this section

  • Telnet Tools

  • Telnet Registry Entries

Telnet Server tools and settings determine how Telnet Server handles auditing, authentication, idle session time-out, and other remote command console session options. Usually, you do not need to configure Telnet Server options to connect a Telnet client to Windows Server 2003-based Telnet Server: the default Telnet Server options are compatible with most Telnet clients. However, you must configure Telnet Server options if you want to do any of the following:

  • Audit logon and logoff information.

  • Disable NTLM or password authentication, or change the default domain for authenticating unqualified user names (by default, the domain in which the machine account resides is used to authenticate unqualified user names).

  • Prohibit authentication of user accounts in trusted domains, which restricts Telnet access to users whose user accounts are stored only in the local Security Accounts Manager (SAM) database (by default, Telnet Server authenticates user accounts in trusted domains and the local SAM database).

  • Change the default shell, or command interpreter, that is used for Telnet sessions (Cmd.exe is the default shell).

  • Specify an IP address on which you want the Telnet Server program to listen for connection requests.

  • Change the mode of operation from console mode to stream mode.

  • Ensure that all programs started in a Telnet session terminate when you disconnect a Telnet session.

  • Change the TCP port on which Telnet Server listens for a connection (by default, Telnet servers listen on TCP port 23).

  • Change the maximum number of Telnet sessions that Telnet Server will accept (the default is 2).

  • Change the maximum number of logon attempts before a user is disconnected (the default is 3).

  • Disable idle session time-out, or change the idle session time-out value (the default is 1 hour).

  • Disable Alt key mapping (by default, pressing Ctrl-A simulates the Alt key).

Telnet Tools

The following tools are associated with Telnet Server.

Telnet.exe: Telnet Command Prompt

Category

The Telnet command prompt tool is included with the Windows Server 2003 and Windows XP operating systems.

Version compatibility

Use this command on computers running Windows Server 2003 or Windows XP.

Once all of the settings and options are configured, you can use Telnet.exe to initiate and conduct a Telnet session. You can create a Telnet connection, configure Telnet.exe options, and use all Telnet.exe features by using the Telnet command prompt. The Telnet command prompt is useful if you are performing quick maintenance tasks on several different hosts or you need to use advanced Telnet options and features.

You can access the Telnet command prompt by running the Telnet command without any command-line parameters. You can also access the Telnet command prompt by typing the Telnet escape character during an active Telnet session. The default escape character is Ctrl+].

After you start the Telnet command prompt, the following message appears:

Welcome to Microsoft Telnet Client
Escape Character is 'Ctrl+]'
Microsoft Telnet >

You can close the Telnet command prompt by using the Quit command.

Telnet.exe with command-line parameters

You can create a Telnet connection and configure some Telnet.exe options by using the Telnet command in conjunction with various command-line parameters. Using the Telnet command with command-line parameters is helpful if you are creating Telnet connections within a script or batch file or you do not need to use advanced Telnet client options and features. When you use Telnet with command-line parameters, you can use a single command to create a connection with a host. The command-line syntax for Telnet.exe is:

telnet [-a][-eescape_char][-flog_file][-luser_name][-tterm]host [port]

The command-line parameters are described in the following table.

Telnet.exe Command-Line Parameters

Parameter Description

-a

Instructs Telnet.exe to log on to the host using the credentials of the user who is currently logged on to the client.

-eescape_char

Specifies an escape character, which displays the Telnet command prompt. The default escape character is Ctrl+].

-flog_file

Creates a client-side log file and turns on client-side logging for the current session. The log_file parameter must consist of a path and file name.

-luser_name

Instructs Telnet.exe to log on to the host using the user account that is specified in user_name. The user account specified in user_name must have Telnet logon rights on the host.

-tterm

Specifies the terminal type. The default terminal type is ANSI. Other valid terminal types include VT52, VT100, and VTNT.

host

Specifies the host with which you want to create a Telnet connection. The host parameter can be a NetBIOS name, a fully qualified domain name, or an IP address.

port

Specifies the TCP port on which you want to create a Telnet connection. The default Telnet port is 23.

For example, the following command uses the credentials of the user who is currently logged on to the client to create a Telnet connection on port 23 with a host named server01:

Telnet Server01 

Likewise, the following example creates the same Telnet connection and enables client-side logging to a log file named c:\telnet_logfile:

telnet -f c:\telnet_logfile server01 

The connection with the host remains active until you exit the Telnet session (by using the Exit command), or you use the Telnet Server administration tool to terminate the Telnet session on the host.

Tlntadmn.exe: Telnet Administration

Category

The Telnet administration command-line tool is included with the Windows Server 2003 and Windows XP operating systems.

Version compatibility

Run this command on computers running Windows Server 2003 or Windows XP.

Tlntadmn.exe is a command-line tool, and is installed by default when you install Windows Server 2003. Unlike the Telnet Server administration tool in Windows 2000, Tlntadmn.exe is a noninteractive tool that must be run with various command-line parameters. Because Tlntadmn.exe is noninteractive, and uses command-line parameters to configure Telnet Server options, you can use Tlntadmn.exe in scripts or batch files to automate Telnet Server configuration tasks. You must be a member of the Administrators local group to use the Telnet Server administration tool.

For more information about Tlntadmn.exe, see “Telnet commands” in the Command Line References in the Tools and Settings Collection.

Telnet Registry Entries

The following registry entries are associated with Telnet.

You can configure most Windows Server 2003 Telnet Server options by using the Telnet Server administration tool (Tlntadmn.exe). However, you can only configure some options by using the registry editor (Regedit.exe). You should use the registry editor to configure only the Telnet Server options that cannot be configured with the Telnet Server administration tool.

You must be a member of one of the following groups to use Regedit.exe: Administrators, Server Operators, and Power Users. You can use Regedit.exe to change registry settings on a local or a remote computer. However, only members of the Administrators group can use Regedit.exe to configure registry settings on a remote computer.

The information here is provided as a reference for use in troubleshooting or verifying that the required settings are applied. It is recommended that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the registry editor or by Windows before they are applied, and as a result, incorrect values can be stored. This can result in unrecoverable errors in the system. When possible, use Group Policy or other Windows tools, such as Microsoft Management Console (MMC), to accomplish tasks rather than editing the registry directly. If you must edit the registry, use extreme caution.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\

The following registry entries are located under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0\.

AllowTrustedDomain

Registry path

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0.\

Version

The AllowTrustedDomain entry is included in Windows Server 2003 and Windows XP.

You can prevent the Telnet Server program from authenticating users on trusted domains by configuring this registry entry.

By default, the Telnet Server program authenticates user accounts in trusted domains and in the local SAM database. Preventing the Telnet Server program from authenticating user accounts in trusted domains restricts Telnet access to only those users whose user accounts are in the local SAM database. By default, the AllowTrustedDomain registry entry has a value of 1. To prevent Telnet Server from authenticating user accounts in trusted domains, you must set this registry entry to 0.

DefaultShell

Registry path

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0.\

Version

The DefaultShell entry is included in Windows Server 2003 and Windows XP.

You can change the default shell, or command interpreter, that the Telnet Server program uses for a Telnet session by configuring this registry entry.

By default, Telnet Server runs all commands in the Windows Server 2003-based command interpreter (Cmd.exe). You can change this to any command interpreter that is installed on the host. You must provide a path and file name for the command interpreter.

ListenToSpecificIpAddr

Registry path

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\TelnetServer\1.0.\

Version

The ListenToSpecificIpAddr entry is included in Windows Server 2003 and Windows XP.

You can configure the Telnet Server program so it listens for connection requests that are sent to a specific IP address. This is useful if a host has several network adapters, and you want to limit Telnet connections to only one of the network adapters. It is also useful if you have a firewall, and you want to filter Telnet traffic through the firewall to only a few IP addresses.

By default, this registry entry has the value INADDR_ANY, which instructs Telnet Server to listen for Telnet connection requests that are sent to all IP addresses assigned to the host. You can change the value of this registry entry to any IP address that is assigned to the host.